THIS THREE-MONTH PERIOD IS NOT EXTENDABLE.
DETAILED ACTION

1. This office action is in reply to an amendment filed on December
07, 2007.

2. Claims 1-26 are pending in the application, with claims 1, 11, 16,
and 21 being independent. Claims 16-26 have been amended.

3. As the result of amendment made to claims 16-26, the 101
rejection set forth in the previous office action is overcome and the
rejection is withdrawn.

4. As the result of amendment made to independent claims 16 and
21, the 112 rejection set forth in the previous office action is also
overcome and the rejection is withdrawn.

Priority 

5. This application does not claim priority of an application.
Therefore, the effective filing date for the subject matter defined in
the pending claims of this application is 11/26/2003.

Allowable Subject Matter 

6. Claims 1-26 are allowed. 

7. The following is an examiner's statement of reasons for allowance: 

8. Referring to the independent claims 1, 11, 16 and 21 the art
on the record, namely Goldberg discloses some of the limitation
of the claims/ the general subject matter of the invention.

For instance Referring to independent claims 1, 11, 16 and 21
Goldberg discloses a method for dynamically creating and
maintaining a set of indices in a computer, wherein the 
indices identify a plurality of filters defining a network policy 
and wherein the indices are used by a firewall to identify a 
matching filter, comprising: [Abstract, figure 6, paragraph 
0015-0017; 0042, 0048-0049 and 0071-0073 and 0082] (On 
abstract the following has been disclosed. "A novel and useful 
dynamic packet filter that can be incorporated in a hardware 
based firewall suitable for use in portable computing devices such 
as cellular telephones and wireless connected PDAs that are 
adapted to connect to the Internet. The invention performs dynamic
packet filtering on packets received over an input packet 
stream. The dynamic filter checks dynamic protocol behavior 
using information extracted from the received packet. 
Sessions are created and stored in a session database to track the 
state of communications between the source and destination. 
Recognition of a session is accelerated by use of a hash table to 
quickly determine the corresponding session record in the session 
database. Session related data is read from the session database 
and the received packet is checked against a set of rules for 
determination of whether to allow or deny the packet. " 
Furthermore Figure 6, described how the hashing technique of
determining the sessions associated input packets. And on
paragraph 0073, the following has been disclosed. "Upon receipt of
a packet, the socket 100 is input to the hash calculator 102 which 
functions to generate and output a hash result 104. The hash 
result is used as the index to the hash table 106 that 
comprises a plurality of entries 108 each containing a hash 
pointer. The hash pointer points to a linked list of sessions 110 in
the session database. Each session record in the session database 
comprises previous 114 and next pointers 112 thus implementing 
a doubly linked list. If a hit on the socket occurs, each session in 
the linked list must be checked for a match with the socket of the 
received packet." Note the hash pointer meets the limitation of the
"indices in a computer, wherein the indices identify a plurality 
of filters defining a network policy and wherein the indices are 
used by a firewall to identify a matching filter." And the 
following which is disclosed on paragraph 0015, "the present 
invention a dynamic filter for filtering an input packet stream 
comprising a session database adapted to store session related 
data for a plurality of sessions, each session corresponding to a 
socket, a session recognition module adapted to search the session 
database for a session whose associated socket matches that of a 
received packet, a session management module adapted to 
maintain the session database including adding, deleting and 
modifying sessions in the session database and a main filter 



Application/Control Number: 10/722,831 Page 5 

Art Unit: 2132 

module operative to track a connection state of the session 
corresponding to a receive packet and checking the connection 
state against a plurality of rules to determine whether to allow 
or deny the received packet" meets the limitation recited as 
"wherein the indices identify a plurality of filters defining a 
network policy and wherein the indices are used by a firewall 
to identify a matching filter.") 

• Creating a first index conforming to a first index type; 
[Paragraph 0073; figure 6, see "Session 1"] (Upon receipt of a 
packet, the socket 100 is input to the hash calculator 102 which
functions to generate and output a hash result 104. The hash
result is used as the index to the hash table 106 that comprises
a plurality of entries 108 each containing a hash pointer.) 

• Identifying, in the first index, a first set of filters, each 
filter in the first set of filters specifying network packets 
subject to the network policy; [Figure 6 and Paragraph 0016,
"checking the connection state against a plurality of rules to
determine whether to allow or deny the received packet"]

• Maintaining statistics including a selected criteria and a 
corresponding value, wherein the value identifies a number of 
filters from the first set of filters meeting the selected criteria; 
[Paragraph 0104] (Field 30 stores the timestamp used to age a
session. Time is represented in 16 bits and stored as a time
difference or delta in accordance with the particular protocol. 
Periodically, the CPU instructs the session management module to 
perform session aging whereby sessions that have aged out are 
closed.) 

• Determining that the corresponding value exceeds a 
threshold value; [Claim 8, 20 and 33] (The method, further 
comprising the step of removing sessions whose associated 
timestamps have exceeded a predetermined threshold.)

• Creating a second index conforming to a second index type; 
identifying, in the second index, a second set of filters, 
wherein the second set of filters are a subset of the first set of 
filters; [Paragraph 0014 and figure 6; See, "Session 2" in a linked 
list shown on figure 6] (As it is shown on dependent claim 2, and 
the applicant's specification the "second index type is a linked list." 
Such linked list is disclosed on paragraph 0073 and figure 6] (On 
paragraph 0073, the following has been disclosed. "Upon receipt of 
a packet, the socket 100 is input to the hash calculator 102 which
functions to generate and output a hash result 104. The hash result
is used as the index to the hash table 106 that comprises a plurality
of entries 108 each containing a hash pointer. The hash pointer
points to a linked list of sessions 110 in the session database. Each
session record in the session database comprises previous 114 and 
next pointers 112 thus implementing a doubly linked list. If a hit on 
the socket occurs, each session in the linked list must be 
checked for a match with the socket of the received packet". And 
on paragraph 0014 the following has been disclosed. 

"There is also provided in accordance with the present invention a 
method of monitoring the state of a communications session, the 
method comprising the steps of establishing a session database 
adapted to store session related data for a plurality of sessions, 
each session corresponding to a socket, recognizing a session in 
accordance with a first hash calculation on the socket associated 
with a received packet, recognizing a hole session in accordance 
with a second hash calculation on a partial socket associated with 
the received packet, reading session data from the session 
database, the session data associated with either a recognized 
session or a recognized hole session, tracking a connection state of 
the session and checking the state against a plurality of rules to 
determine whether to allow or deny the received packet and writing 
updated session data back into the session database.") and

• Removing identification of the subset of filters from the 
first index. [Claim 8, 20 and 33] (The method, further comprising 
the step of removing sessions whose associated timestamps have
exceeded a predetermined threshold.)

However as applicant's representative persuasively argued, the 
prior art on the record namely Goldberg, does not disclose/ teach 
some elements of the limitation of the independent claims. For 
instance Goldberg discloses a timestamp field and corresponding
aging process however does not teach or suggest "maintaining 
statistics including a selected criteria and a corresponding 
value wherein the value identifies a number of filters from the 
first set of filters meeting the selected criteria" and 
"determining that the corresponding value exceeds a threshold 
value." Furthermore Goldberg's other record field of session
database does not contain such a value. 

None of the prior art of record taken singularly or in combination 
teaches or suggests a method for dynamically creating and 
maintaining a set of indices in a computer, wherein the indices 
identify a plurality of filters defining a network policy and wherein 
the indices are used by a firewall to identify a matching filter, 
comprising the above limitation with the combination of other 
limitation recited in respective independent claims 1 and 16. 
Furthermore Goldberg does not disclose some of the limitation 
recited on independent claims 11 and 21.

For the reasons provided above, the independent claims 1, 11, 16,
and 21 are found to be novel and are allowed.

9. The dependent claims which are dependent on the
independent claims 1, 11, 16, and 21 being further limiting to
the independent claims, definite and enabled by the specification 
are also allowed. 

Any comments considered necessary by applicant must be 
submitted no later than the payment of the issue fee and, to avoid 
processing delays, should preferably accompany the issue fee. 
Such submission should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 



10. The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. (See PTO-Form 892). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Samson 
B Lemma whose telephone number is 571-272-3806. The 
examiner can normally be reached on Monday-Friday (8:00 am - 4:30 pm).

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, BARRON JR GILBERTO can be reached 
on. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained 
from the Patent Application Information Retrieval (PAIR) system. 
Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for 
unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the
Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

/S. B. L./ 
Samson B Lemma 
Examiner, Art Unit 2132 
03/05/2008 



/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



